]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/user-record.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
locale: inline iterator variable declarations
[thirdparty/systemd.git] / src / shared / user-record.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
71d0b9d4
LP		 2
3#include <sys/mount.h>
4
5#include "cgroup-util.h"
6#include "dns-domain.h"
7#include "env-util.h"
53393c89
ZJS		 8#include "fd-util.h"
9#include "fileio.h"
71d0b9d4
LP		 10#include "fs-util.h"
11#include "hexdecoct.h"
12#include "hostname-util.h"
13#include "memory-util.h"
14#include "path-util.h"
15#include "pkcs11-util.h"
16#include "rlimit-util.h"
17#include "stat-util.h"
18#include "string-table.h"
19#include "strv.h"
20#include "user-record.h"
21#include "user-util.h"
22
23#define DEFAULT_RATELIMIT_BURST 30
24#define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
25
53393c89
ZJS		 26#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
27static int parse_alloc_uid(const char *path, const char *name, const char *t, uid_t *ret_uid) {
28 uid_t uid;
29 int r;
30
31 r = parse_uid(t, &uid);
32 if (r < 0)
33 return log_debug_errno(r, "%s: failed to parse %s %s, ignoring: %m", path, name, t);
34 if (uid == 0)
35 uid = 1;
36
37 *ret_uid = uid;
38 return 0;
39}
aa25270c 40#endif
53393c89 41
aa25270c 42int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) {
53393c89 43 UGIDAllocationRange defs = {
fc1a5d1a 44 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
53393c89 45 .system_uid_max = SYSTEM_UID_MAX,
fc1a5d1a 46 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
53393c89
ZJS		 47 .system_gid_max = SYSTEM_GID_MAX,
48 };
aa25270c
ZJS		 49
50#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
51 _cleanup_fclose_ FILE *f = NULL;
53393c89
ZJS		 52 int r;
53
54 if (!path)
55 path = "/etc/login.defs";
56
aa25270c 57 r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", &f, NULL);
53393c89
ZJS		 58 if (r == -ENOENT)
59 goto assign;
60 if (r < 0)
61 return log_debug_errno(r, "Failed to open %s: %m", path);
62
63 for (;;) {
64 _cleanup_free_ char *line = NULL;
65 char *t;
66
67 r = read_line(f, LINE_MAX, &line);
68 if (r < 0)
69 return log_debug_errno(r, "Failed to read %s: %m", path);
70 if (r == 0)
71 break;
72
fc1a5d1a
ZJS		 73 if ((t = first_word(line, "SYS_UID_MIN")))
74 (void) parse_alloc_uid(path, "SYS_UID_MIN", t, &defs.system_alloc_uid_min);
75 else if ((t = first_word(line, "SYS_UID_MAX")))
53393c89 76 (void) parse_alloc_uid(path, "SYS_UID_MAX", t, &defs.system_uid_max);
fc1a5d1a
ZJS		 77 else if ((t = first_word(line, "SYS_GID_MIN")))
78 (void) parse_alloc_uid(path, "SYS_GID_MIN", t, &defs.system_alloc_gid_min);
53393c89
ZJS		 79 else if ((t = first_word(line, "SYS_GID_MAX")))
80 (void) parse_alloc_uid(path, "SYS_GID_MAX", t, &defs.system_gid_max);
81 }
82
83 assign:
fc1a5d1a
ZJS		 84 if (defs.system_alloc_uid_min > defs.system_uid_max) {
85 log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path);
86 defs.system_alloc_uid_min = MIN(defs.system_uid_max - 1, (uid_t) SYSTEM_ALLOC_UID_MIN);
87 /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
88 }
89 if (defs.system_alloc_gid_min > defs.system_gid_max) {
90 log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path);
91 defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN);
92 /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
93 }
aa25270c 94#endif
fc1a5d1a 95
53393c89
ZJS		 96 *ret_defs = defs;
97 return 0;
98}
53393c89
ZJS		 99
100const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
101#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
102 static thread_local UGIDAllocationRange defs = {
103#else
104 static const UGIDAllocationRange defs = {
105#endif
fc1a5d1a 106 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
53393c89 107 .system_uid_max = SYSTEM_UID_MAX,
fc1a5d1a 108 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
53393c89
ZJS		 109 .system_gid_max = SYSTEM_GID_MAX,
110 };
111
112#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
113 /* This function will ignore failure to read the file, so it should only be called from places where
114 * we don't crucially depend on the answer. In other words, it's appropriate for journald, but
115 * probably not for sysusers. */
116
117 static thread_local bool initialized = false;
118
119 if (!initialized) {
aa25270c 120 (void) read_login_defs(&defs, NULL, NULL);
53393c89
ZJS		 121 initialized = true;
122 }
123#endif
124
125 return &defs;
126}
127
128bool uid_is_system(uid_t uid) {
129 const UGIDAllocationRange *defs;
130 assert_se(defs = acquire_ugid_allocation_range());
131
132 return uid <= defs->system_uid_max;
133}
134
135bool gid_is_system(gid_t gid) {
136 const UGIDAllocationRange *defs;
137 assert_se(defs = acquire_ugid_allocation_range());
138
139 return gid <= defs->system_gid_max;
140}
141
71d0b9d4
LP		 142UserRecord* user_record_new(void) {
143 UserRecord *h;
144
145 h = new(UserRecord, 1);
146 if (!h)
147 return NULL;
148
149 *h = (UserRecord) {
150 .n_ref = 1,
151 .disposition = _USER_DISPOSITION_INVALID,
152 .last_change_usec = UINT64_MAX,
153 .last_password_change_usec = UINT64_MAX,
154 .umask = MODE_INVALID,
155 .nice_level = INT_MAX,
156 .not_before_usec = UINT64_MAX,
157 .not_after_usec = UINT64_MAX,
158 .locked = -1,
159 .storage = _USER_STORAGE_INVALID,
160 .access_mode = MODE_INVALID,
161 .disk_size = UINT64_MAX,
162 .disk_size_relative = UINT64_MAX,
163 .tasks_max = UINT64_MAX,
164 .memory_high = UINT64_MAX,
165 .memory_max = UINT64_MAX,
166 .cpu_weight = UINT64_MAX,
167 .io_weight = UINT64_MAX,
168 .uid = UID_INVALID,
169 .gid = GID_INVALID,
170 .nodev = true,
171 .nosuid = true,
172 .luks_discard = -1,
5e86c82a 173 .luks_offline_discard = -1,
71d0b9d4
LP		 174 .luks_volume_key_size = UINT64_MAX,
175 .luks_pbkdf_time_cost_usec = UINT64_MAX,
176 .luks_pbkdf_memory_cost = UINT64_MAX,
177 .luks_pbkdf_parallel_threads = UINT64_MAX,
178 .disk_usage = UINT64_MAX,
179 .disk_free = UINT64_MAX,
180 .disk_ceiling = UINT64_MAX,
181 .disk_floor = UINT64_MAX,
182 .signed_locally = -1,
183 .good_authentication_counter = UINT64_MAX,
184 .bad_authentication_counter = UINT64_MAX,
185 .last_good_authentication_usec = UINT64_MAX,
186 .last_bad_authentication_usec = UINT64_MAX,
187 .ratelimit_begin_usec = UINT64_MAX,
188 .ratelimit_count = UINT64_MAX,
189 .ratelimit_interval_usec = UINT64_MAX,
190 .ratelimit_burst = UINT64_MAX,
191 .removable = -1,
192 .enforce_password_policy = -1,
193 .auto_login = -1,
194 .stop_delay_usec = UINT64_MAX,
195 .kill_processes = -1,
196 .password_change_min_usec = UINT64_MAX,
197 .password_change_max_usec = UINT64_MAX,
198 .password_change_warn_usec = UINT64_MAX,
199 .password_change_inactive_usec = UINT64_MAX,
200 .password_change_now = -1,
201 .pkcs11_protected_authentication_path_permitted = -1,
7b78db28 202 .fido2_user_presence_permitted = -1,
71d0b9d4
LP		 203 };
204
205 return h;
206}
207
208static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
209 if (!k)
210 return;
211
212 free(k->uri);
213 erase_and_free(k->data);
214 erase_and_free(k->hashed_password);
215}
216
5e4fa456
LP		 217static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
218 if (!c)
219 return;
220
221 free(c->id);
222}
223
224static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
225 if (!s)
226 return;
227
228 fido2_hmac_credential_done(&s->credential);
229 erase_and_free(s->salt);
230 erase_and_free(s->hashed_password);
231}
232
b3a97fd3
LP		 233static void recovery_key_done(RecoveryKey *k) {
234 if (!k)
235 return;
236
237 free(k->type);
238 erase_and_free(k->hashed_password);
239}
240
71d0b9d4
LP		 241static UserRecord* user_record_free(UserRecord *h) {
242 if (!h)
243 return NULL;
244
245 free(h->user_name);
246 free(h->realm);
247 free(h->user_name_and_realm_auto);
248 free(h->real_name);
249 free(h->email_address);
250 erase_and_free(h->password_hint);
251 free(h->location);
252 free(h->icon_name);
253
254 free(h->shell);
255
256 strv_free(h->environment);
257 free(h->time_zone);
258 free(h->preferred_language);
259 rlimit_free_all(h->rlimits);
260
261 free(h->skeleton_directory);
262
263 strv_free_erase(h->hashed_password);
264 strv_free_erase(h->ssh_authorized_keys);
265 strv_free_erase(h->password);
c0bde0d2 266 strv_free_erase(h->token_pin);
71d0b9d4
LP		 267
268 free(h->cifs_service);
269 free(h->cifs_user_name);
270 free(h->cifs_domain);
271
272 free(h->image_path);
273 free(h->image_path_auto);
274 free(h->home_directory);
275 free(h->home_directory_auto);
276
277 strv_free(h->member_of);
278
279 free(h->file_system_type);
280 free(h->luks_cipher);
281 free(h->luks_cipher_mode);
282 free(h->luks_pbkdf_hash_algorithm);
283 free(h->luks_pbkdf_type);
284
285 free(h->state);
286 free(h->service);
287
288 strv_free(h->pkcs11_token_uri);
289 for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
290 pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
291 free(h->pkcs11_encrypted_key);
292
5e4fa456
LP		 293 for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
294 fido2_hmac_credential_done(h->fido2_hmac_credential + i);
295 for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
296 fido2_hmac_salt_done(h->fido2_hmac_salt + i);
297
b3a97fd3
LP		 298 strv_free(h->recovery_key_type);
299 for (size_t i = 0; i < h->n_recovery_key; i++)
300 recovery_key_done(h->recovery_key + i);
301
71d0b9d4
LP		 302 json_variant_unref(h->json);
303
304 return mfree(h);
305}
306
307DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
308
309int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
310 char **s = userdata;
311 const char *n;
312 int r;
313
314 if (json_variant_is_null(variant)) {
315 *s = mfree(*s);
316 return 0;
317 }
318
319 if (!json_variant_is_string(variant))
320 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
321
322 n = json_variant_string(variant);
323 r = dns_name_is_valid(n);
324 if (r < 0)
325 return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
326 if (r == 0)
327 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));
328
329 r = free_and_strdup(s, n);
330 if (r < 0)
331 return json_log(variant, flags, r, "Failed to allocate string: %m");
332
333 return 0;
334}
335
0bb43080 336int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
71d0b9d4
LP		 337 char **s = userdata;
338 const char *n;
71d0b9d4
LP		 339
340 if (json_variant_is_null(variant)) {
341 *s = mfree(*s);
342 return 0;
343 }
344
345 if (!json_variant_is_string(variant))
346 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
347
348 n = json_variant_string(variant);
5cd12aba
LP		 349 if (valid_gecos(n)) {
350 if (free_and_strdup(s, n) < 0)
351 return json_log_oom(variant, flags);
352 } else {
353 _cleanup_free_ char *m = NULL;
71d0b9d4 354
5cd12aba
LP		 355 json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));
356
357 m = mangle_gecos(n);
358 if (!m)
359 return json_log_oom(variant, flags);
360
361 free_and_replace(*s, m);
362 }
71d0b9d4
LP		 363
364 return 0;
365}
366
367static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
368 int *nl = userdata;
369 intmax_t m;
370
371 if (json_variant_is_null(variant)) {
372 *nl = INT_MAX;
373 return 0;
374 }
375
376 if (!json_variant_is_integer(variant))
377 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
378
379 m = json_variant_integer(variant);
380 if (m < PRIO_MIN || m >= PRIO_MAX)
381 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));
382
383 *nl = m;
384 return 0;
385}
386
387static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
388 rlim_t *ret = userdata;
389
390 if (json_variant_is_null(variant))
391 *ret = RLIM_INFINITY;
392 else if (json_variant_is_unsigned(variant)) {
393 uintmax_t w;
394
395 w = json_variant_unsigned(variant);
396 if (w == RLIM_INFINITY || (uintmax_t) w != json_variant_unsigned(variant))
397 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);
398
399 *ret = (rlim_t) w;
400 } else
401 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);
402
403 return 0;
404}
405
406static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
407 struct rlimit** limits = userdata;
408 JsonVariant *value;
409 const char *key;
410 int r;
411
412 assert_se(limits);
413
414 if (json_variant_is_null(variant)) {
415 rlimit_free_all(limits);
416 return 0;
417 }
418
419 if (!json_variant_is_object(variant))
420 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
421
422 JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
423 JsonVariant *jcur, *jmax;
424 struct rlimit rl;
425 const char *p;
426 int l;
427
428 p = startswith(key, "RLIMIT_");
429 if (!p)
7211c853 430 l = -SYNTHETIC_ERRNO(EINVAL);
71d0b9d4
LP		 431 else
432 l = rlimit_from_string(p);
433 if (l < 0)
7211c853 434 return json_log(variant, flags, l, "Resource limit '%s' not known.", key);
71d0b9d4
LP		 435
436 if (!json_variant_is_object(value))
437 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);
438
439 if (json_variant_elements(value) != 4)
440 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value is does not have two fields as expected.", key);
441
442 jcur = json_variant_by_key(value, "cur");
443 if (!jcur)
444 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
445 r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
446 if (r < 0)
447 return r;
448
449 jmax = json_variant_by_key(value, "max");
450 if (!jmax)
451 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
452 r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
453 if (r < 0)
454 return r;
455
456 if (limits[l])
457 *(limits[l]) = rl;
458 else {
459 limits[l] = newdup(struct rlimit, &rl, 1);
460 if (!limits[l])
461 return log_oom();
462 }
463 }
464
465 return 0;
466}
467
468static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
469 char **s = userdata;
470 const char *n;
471 int r;
472
473 assert(s);
474
475 if (json_variant_is_null(variant)) {
476 *s = mfree(*s);
477 return 0;
478 }
479
480 if (!json_variant_is_string(variant))
481 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
482
483 n = json_variant_string(variant);
484 if (!filename_is_valid(n) && !path_is_normalized(n))
485 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));
486
487 r = free_and_strdup(s, n);
488 if (r < 0)
489 return json_log(variant, flags, r, "Failed to allocate string: %m");
490
491 return 0;
492}
493
494static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
495 char **s = userdata;
496 const char *n;
497 int r;
498
499 if (json_variant_is_null(variant)) {
500 *s = mfree(*s);
501 return 0;
502 }
503
504 if (!json_variant_is_string(variant))
505 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
506
507 n = json_variant_string(variant);
508 if (!path_is_normalized(n))
509 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
510 if (!path_is_absolute(n))
511 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));
512
513 r = free_and_strdup(s, n);
514 if (r < 0)
515 return json_log(variant, flags, r, "Failed to allocate string: %m");
516
517 return 0;
518}
519
520static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
521 char **s = userdata;
522 const char *n;
523 int r;
524
525 if (json_variant_is_null(variant)) {
526 *s = mfree(*s);
527 return 0;
528 }
529
530 if (!json_variant_is_string(variant))
531 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
532
533 n = json_variant_string(variant);
534 if (!valid_home(n))
535 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));
536
537 r = free_and_strdup(s, n);
538 if (r < 0)
539 return json_log(variant, flags, r, "Failed to allocate string: %m");
540
541 return 0;
542}
543
544static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
545 char **s = userdata;
546 const char *n;
547 int r;
548
549 if (json_variant_is_null(variant)) {
550 *s = mfree(*s);
551 return 0;
552 }
553
554 if (!json_variant_is_string(variant))
555 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
556
557 n = json_variant_string(variant);
558 if (empty_or_root(n) || !path_is_valid(n) || !path_is_absolute(n))
559 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));
560
561 r = free_and_strdup(s, n);
562 if (r < 0)
563 return json_log(variant, flags, r, "Failed to allocate string: %m");
564
565 return 0;
566}
567
568static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
569 mode_t *m = userdata;
570 uintmax_t k;
571
572 if (json_variant_is_null(variant)) {
573 *m = (mode_t) -1;
574 return 0;
575 }
576
577 if (!json_variant_is_unsigned(variant))
578 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
579
580 k = json_variant_unsigned(variant);
581 if (k > 0777)
582 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));
583
584 *m = (mode_t) k;
585 return 0;
586}
587
588static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
589 mode_t *m = userdata;
590 uintmax_t k;
591
592 if (json_variant_is_null(variant)) {
593 *m = (mode_t) -1;
594 return 0;
595 }
596
597 if (!json_variant_is_unsigned(variant))
598 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
599
600 k = json_variant_unsigned(variant);
601 if (k > 07777)
602 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));
603
604 *m = (mode_t) k;
605 return 0;
606}
607
608static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
609 _cleanup_strv_free_ char **n = NULL;
610 char ***l = userdata;
611 size_t i;
612 int r;
613
614 if (json_variant_is_null(variant)) {
615 *l = strv_free(*l);
616 return 0;
617 }
618
619 if (!json_variant_is_array(variant))
620 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
621
622 for (i = 0; i < json_variant_elements(variant); i++) {
71d0b9d4
LP		 623 JsonVariant *e;
624 const char *a;
625
626 e = json_variant_by_index(variant, i);
627 if (!json_variant_is_string(e))
628 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
629
630 assert_se(a = json_variant_string(e));
631
632 if (!env_assignment_is_valid(a))
633 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));
634
aaf057c4 635 r = strv_env_replace_strdup(&n, a);
71d0b9d4
LP		 636 if (r < 0)
637 return json_log_oom(variant, flags);
71d0b9d4
LP		 638 }
639
aaf057c4 640 return strv_free_and_replace(*l, n);
71d0b9d4
LP		 641}
642
643int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
644 UserDisposition *disposition = userdata, k;
645
646 if (json_variant_is_null(variant)) {
647 *disposition = _USER_DISPOSITION_INVALID;
648 return 0;
649 }
650
651 if (!json_variant_is_string(variant))
652 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
653
654 k = user_disposition_from_string(json_variant_string(variant));
655 if (k < 0)
7211c853 656 return json_log(variant, flags, k, "Disposition type '%s' not known.", json_variant_string(variant));
71d0b9d4
LP		 657
658 *disposition = k;
659 return 0;
660}
661
662static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
663 UserStorage *storage = userdata, k;
664
665 if (json_variant_is_null(variant)) {
666 *storage = _USER_STORAGE_INVALID;
667 return 0;
668 }
669
670 if (!json_variant_is_string(variant))
671 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
672
673 k = user_storage_from_string(json_variant_string(variant));
674 if (k < 0)
7211c853 675 return json_log(variant, flags, k, "Storage type '%s' not known.", json_variant_string(variant));
71d0b9d4
LP		 676
677 *storage = k;
678 return 0;
679}
680
681static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
682 uint64_t *size = userdata;
683 uintmax_t k;
684
685 if (json_variant_is_null(variant)) {
686 *size = UINT64_MAX;
687 return 0;
688 }
689
690 if (!json_variant_is_unsigned(variant))
691 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
692
693 k = json_variant_unsigned(variant);
694 if (k < USER_DISK_SIZE_MIN || k > USER_DISK_SIZE_MAX)
695 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
696
697 *size = k;
698 return 0;
699}
700
701static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
702 uint64_t *limit = userdata;
703 uintmax_t k;
704
705 if (json_variant_is_null(variant)) {
706 *limit = UINT64_MAX;
707 return 0;
708 }
709
710 if (!json_variant_is_unsigned(variant))
711 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));
712
713 k = json_variant_unsigned(variant);
714 if (k <= 0 || k >= UINT64_MAX)
715 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);
716
717 *limit = k;
718 return 0;
719}
720
721static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
722 uint64_t *weight = userdata;
723 uintmax_t k;
724
725 if (json_variant_is_null(variant)) {
726 *weight = UINT64_MAX;
727 return 0;
728 }
729
730 if (!json_variant_is_unsigned(variant))
731 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));
732
733 k = json_variant_unsigned(variant);
734 if (k <= CGROUP_WEIGHT_MIN || k >= CGROUP_WEIGHT_MAX)
735 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);
736
737 *weight = k;
738 return 0;
739}
740
741int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
742 _cleanup_strv_free_ char **l = NULL;
743 char ***list = userdata;
744 JsonVariant *e;
745 int r;
746
747 if (!json_variant_is_array(variant))
748 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
749
750 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
751
752 if (!json_variant_is_string(e))
753 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
754
7a8867ab 755 if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
71d0b9d4
LP		 756 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
757
758 r = strv_extend(&l, json_variant_string(e));
759 if (r < 0)
760 return json_log(e, flags, r, "Failed to append array element: %m");
761 }
762
763 r = strv_extend_strv(list, l, true);
764 if (r < 0)
765 return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");
766
767 return 0;
768}
769
770static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
771
772 static const JsonDispatch secret_dispatch_table[] = {
773 { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
c0bde0d2
LP		 774 { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
775 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
71d0b9d4 776 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
7b78db28 777 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
71d0b9d4
LP		 778 {},
779 };
780
781 return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
782}
783
784static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
785 char **s = userdata;
786 const char *n;
787 int r;
788
789 if (json_variant_is_null(variant)) {
790 *s = mfree(*s);
791 return 0;
792 }
793
794 if (!json_variant_is_string(variant))
795 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
796
797 n = json_variant_string(variant);
798 if (!pkcs11_uri_valid(n))
799 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
800
801 r = free_and_strdup(s, n);
802 if (r < 0)
803 return json_log(variant, flags, r, "Failed to allocate string: %m");
804
805 return 0;
806}
807
808static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
809 _cleanup_strv_free_ char **z = NULL;
810 char ***l = userdata;
811 JsonVariant *e;
812 int r;
813
814 if (json_variant_is_null(variant)) {
815 *l = strv_free(*l);
816 return 0;
817 }
818
819 if (json_variant_is_string(variant)) {
820 const char *n;
821
822 n = json_variant_string(variant);
823 if (!pkcs11_uri_valid(n))
824 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
825
826 z = strv_new(n);
827 if (!z)
828 return log_oom();
829
830 } else {
831
832 if (!json_variant_is_array(variant))
833 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));
834
835 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
836 const char *n;
837
838 if (!json_variant_is_string(e))
839 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
840
841 n = json_variant_string(e);
842 if (!pkcs11_uri_valid(n))
843 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), n);
844
845 r = strv_extend(&z, n);
846 if (r < 0)
847 return log_oom();
848 }
849 }
850
851 strv_free_and_replace(*l, z);
852 return 0;
853}
854
855static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
856 Pkcs11EncryptedKey *k = userdata;
857 size_t l;
858 void *b;
859 int r;
860
861 if (json_variant_is_null(variant)) {
d00f3183 862 k->data = erase_and_free(k->data);
71d0b9d4
LP		 863 k->size = 0;
864 return 0;
865 }
866
867 if (!json_variant_is_string(variant))
868 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
869
870 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
871 if (r < 0)
872 return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
873
874 erase_and_free(k->data);
875 k->data = b;
876 k->size = l;
877
878 return 0;
879}
880
881static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
882 UserRecord *h = userdata;
883 JsonVariant *e;
884 int r;
885
886 if (!json_variant_is_array(variant))
887 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
888
889 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
890 Pkcs11EncryptedKey *array, *k;
891
892 static const JsonDispatch pkcs11_key_dispatch_table[] = {
893 { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
894 { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
895 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
896 {},
897 };
898
899 if (!json_variant_is_object(e))
900 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
901
902 array = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
903 if (!array)
904 return log_oom();
905
906 h->pkcs11_encrypted_key = array;
907 k = h->pkcs11_encrypted_key + h->n_pkcs11_encrypted_key;
908 *k = (Pkcs11EncryptedKey) {};
909
910 r = json_dispatch(e, pkcs11_key_dispatch_table, NULL, flags, k);
911 if (r < 0) {
912 pkcs11_encrypted_key_done(k);
913 return r;
914 }
915
916 h->n_pkcs11_encrypted_key++;
917 }
918
919 return 0;
920}
921
5e4fa456
LP		 922static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
923 Fido2HmacCredential *k = userdata;
924 size_t l;
925 void *b;
926 int r;
927
928 if (json_variant_is_null(variant)) {
929 k->id = mfree(k->id);
930 k->size = 0;
931 return 0;
932 }
933
934 if (!json_variant_is_string(variant))
935 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
936
937 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
938 if (r < 0)
939 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
940
941 free_and_replace(k->id, b);
942 k->size = l;
943
944 return 0;
945}
946
947static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
948 UserRecord *h = userdata;
949 JsonVariant *e;
950 int r;
951
952 if (!json_variant_is_array(variant))
953 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
954
955 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
956 Fido2HmacCredential *array;
957 size_t l;
958 void *b;
959
960 if (!json_variant_is_string(e))
961 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
962
963 array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
964 if (!array)
965 return log_oom();
966
967 r = unbase64mem(json_variant_string(e), (size_t) -1, &b, &l);
968 if (r < 0)
969 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
970
971 h->fido2_hmac_credential = array;
972
973 h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
974 .id = b,
975 .size = l,
976 };
977 }
978
979 return 0;
980}
981
982static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
983 Fido2HmacSalt *k = userdata;
984 size_t l;
985 void *b;
986 int r;
987
988 if (json_variant_is_null(variant)) {
989 k->salt = erase_and_free(k->salt);
990 k->salt_size = 0;
991 return 0;
992 }
993
994 if (!json_variant_is_string(variant))
995 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
996
997 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
998 if (r < 0)
999 return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");
1000
1001 erase_and_free(k->salt);
1002 k->salt = b;
1003 k->salt_size = l;
1004
1005 return 0;
1006}
1007
1008static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1009 UserRecord *h = userdata;
1010 JsonVariant *e;
1011 int r;
1012
1013 if (!json_variant_is_array(variant))
1014 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1015
1016 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1017 Fido2HmacSalt *array, *k;
1018
1019 static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
1020 { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
1021 { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
1022 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
1023 {},
1024 };
1025
1026 if (!json_variant_is_object(e))
1027 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1028
1029 array = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
1030 if (!array)
1031 return log_oom();
1032
1033 h->fido2_hmac_salt = array;
1034 k = h->fido2_hmac_salt + h->n_fido2_hmac_salt;
1035 *k = (Fido2HmacSalt) {};
1036
1037 r = json_dispatch(e, fido2_hmac_salt_dispatch_table, NULL, flags, k);
1038 if (r < 0) {
1039 fido2_hmac_salt_done(k);
1040 return r;
1041 }
1042
1043 h->n_fido2_hmac_salt++;
1044 }
1045
1046 return 0;
1047}
1048
b3a97fd3
LP		 1049static int dispatch_recovery_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1050 UserRecord *h = userdata;
1051 JsonVariant *e;
1052 int r;
1053
1054 if (!json_variant_is_array(variant))
1055 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1056
1057 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1058 RecoveryKey *array, *k;
1059
1060 static const JsonDispatch recovery_key_dispatch_table[] = {
1061 { "type", JSON_VARIANT_STRING, json_dispatch_string, 0, JSON_MANDATORY },
1062 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(RecoveryKey, hashed_password), JSON_MANDATORY },
1063 {},
1064 };
1065
1066 if (!json_variant_is_object(e))
1067 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1068
1069 array = reallocarray(h->recovery_key, h->n_recovery_key + 1, sizeof(RecoveryKey));
1070 if (!array)
1071 return log_oom();
1072
1073 h->recovery_key = array;
1074 k = h->recovery_key + h->n_recovery_key;
1075 *k = (RecoveryKey) {};
1076
1077 r = json_dispatch(e, recovery_key_dispatch_table, NULL, flags, k);
1078 if (r < 0) {
1079 recovery_key_done(k);
1080 return r;
1081 }
1082
1083 h->n_recovery_key++;
1084 }
1085
1086 return 0;
1087}
1088
71d0b9d4
LP		 1089static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1090
1091 static const JsonDispatch privileged_dispatch_table[] = {
5e4fa456
LP		 1092 { "passwordHint", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, password_hint), 0 },
1093 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, hashed_password), JSON_SAFE },
1094 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, ssh_authorized_keys), 0 },
1095 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY, dispatch_pkcs11_key, 0, 0 },
1096 { "fido2HmacSalt", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_salt, 0, 0 },
b3a97fd3 1097 { "recoveryKey", JSON_VARIANT_ARRAY, dispatch_recovery_key, 0, 0 },
71d0b9d4
LP		 1098 {},
1099 };
1100
1101 return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
1102}
1103
1104static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1105
1106 static const JsonDispatch binding_dispatch_table[] = {
1107 { "imagePath", JSON_VARIANT_STRING, json_dispatch_image_path, offsetof(UserRecord, image_path), 0 },
1108 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1109 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1110 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1111 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1112 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1113 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1114 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1115 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1116 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1117 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1118 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1119 {},
1120 };
1121
1122 char smid[SD_ID128_STRING_MAX];
1123 JsonVariant *m;
1124 sd_id128_t mid;
1125 int r;
1126
1127 if (!variant)
1128 return 0;
1129
1130 if (!json_variant_is_object(variant))
1131 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1132
1133 r = sd_id128_get_machine(&mid);
1134 if (r < 0)
1135 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1136
1137 m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
1138 if (!m)
1139 return 0;
1140
1141 return json_dispatch(m, binding_dispatch_table, NULL, flags, userdata);
1142}
1143
1144int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
1145 sd_id128_t mid;
1146 int r;
1147
1148 r = sd_id128_get_machine(&mid);
1149 if (r < 0)
1150 return json_log(ids, flags, r, "Failed to acquire machine ID: %m");
1151
1152 if (json_variant_is_string(ids)) {
1153 sd_id128_t k;
1154
1155 r = sd_id128_from_string(json_variant_string(ids), &k);
1156 if (r < 0) {
1157 json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
1158 return 0;
1159 }
1160
1161 return sd_id128_equal(mid, k);
1162 }
1163
1164 if (json_variant_is_array(ids)) {
1165 JsonVariant *e;
1166
1167 JSON_VARIANT_ARRAY_FOREACH(e, ids) {
1168 sd_id128_t k;
1169
1170 if (!json_variant_is_string(e)) {
1171 json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
1172 continue;
1173 }
1174
1175 r = sd_id128_from_string(json_variant_string(e), &k);
1176 if (r < 0) {
1177 json_log(e, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e));
1178 continue;
1179 }
1180
1181 if (sd_id128_equal(mid, k))
1182 return true;
1183 }
1184
1185 return false;
1186 }
1187
1188 json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1189 return false;
1190}
1191
1192int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
1193 _cleanup_free_ char *hn = NULL;
1194 int r;
1195
1196 r = gethostname_strict(&hn);
1197 if (r == -ENXIO) {
1198 json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
1199 return false;
1200 }
1201 if (r < 0)
1202 return json_log(hns, flags, r, "Failed to acquire hostname: %m");
1203
1204 if (json_variant_is_string(hns))
1205 return streq(json_variant_string(hns), hn);
1206
1207 if (json_variant_is_array(hns)) {
1208 JsonVariant *e;
1209
1210 JSON_VARIANT_ARRAY_FOREACH(e, hns) {
1211
1212 if (!json_variant_is_string(e)) {
1213 json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
1214 continue;
1215 }
1216
1217 if (streq(json_variant_string(hns), hn))
1218 return true;
1219 }
1220
1221 return false;
1222 }
1223
1224 json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
1225 return false;
1226}
1227
1228static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1229
1230 static const JsonDispatch per_machine_dispatch_table[] = {
5e4fa456
LP		 1231 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1232 { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1233 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1234 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1235 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1236 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1237 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1238 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1239 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1240 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1241 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1242 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1243 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1244 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1245 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1246 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1247 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1248 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1249 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1250 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1251 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1252 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1253 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1254 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1255 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1256 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1257 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1258 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1259 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1260 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1261 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1262 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1263 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1264 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1265 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1266 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1267 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1268 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1269 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0, },
1270 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0, },
1271 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1272 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1273 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1274 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1275 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1276 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1277 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1278 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1279 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1280 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1281 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1282 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1283 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1284 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1285 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1286 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1287 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1288 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1289 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1290 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1291 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
71d0b9d4
LP		 1292 {},
1293 };
1294
1295 JsonVariant *e;
1296 int r;
1297
1298 if (!variant)
1299 return 0;
1300
1301 if (!json_variant_is_array(variant))
1302 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
1303
1304 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1305 bool matching = false;
1306 JsonVariant *m;
1307
1308 if (!json_variant_is_object(e))
1309 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1310
1311 m = json_variant_by_key(e, "matchMachineId");
1312 if (m) {
1313 r = per_machine_id_match(m, flags);
1314 if (r < 0)
1315 return r;
1316
1317 matching = r > 0;
1318 }
1319
1320 if (!matching) {
1321 m = json_variant_by_key(e, "matchHostname");
1322 if (m) {
1323 r = per_machine_hostname_match(m, flags);
1324 if (r < 0)
1325 return r;
1326
1327 matching = r > 0;
1328 }
1329 }
1330
1331 if (!matching)
1332 continue;
1333
1334 r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
1335 if (r < 0)
1336 return r;
1337 }
1338
1339 return 0;
1340}
1341
1342static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1343
1344 static const JsonDispatch status_dispatch_table[] = {
1345 { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
1346 { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
1347 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1348 { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
1349 { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
1350 { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
1351 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1352 { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
1353 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
1354 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
1355 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
1356 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
1357 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
1358 { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
1359 { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
1360 {},
1361 };
1362
1363 char smid[SD_ID128_STRING_MAX];
1364 JsonVariant *m;
1365 sd_id128_t mid;
1366 int r;
1367
1368 if (!variant)
1369 return 0;
1370
1371 if (!json_variant_is_object(variant))
1372 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1373
1374 r = sd_id128_get_machine(&mid);
1375 if (r < 0)
1376 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1377
1378 m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
1379 if (!m)
1380 return 0;
1381
1382 return json_dispatch(m, status_dispatch_table, NULL, flags, userdata);
1383}
1384
a43eddbd
LP		 1385int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
1386 const char *suffix;
1387 char *z;
1388
1389 assert(storage >= 0);
1390 assert(user_name_and_realm);
1391 assert(ret);
1392
1393 if (storage == USER_LUKS)
1394 suffix = ".home";
1395 else if (IN_SET(storage, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT))
1396 suffix = ".homedir";
1397 else {
1398 *ret = NULL;
1399 return 0;
1400 }
1401
1402 z = strjoin("/home/", user_name_and_realm, suffix);
1403 if (!z)
1404 return -ENOMEM;
1405
1406 *ret = z;
1407 return 1;
1408}
1409
71d0b9d4 1410static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
a43eddbd
LP		 1411 int r;
1412
71d0b9d4
LP		 1413 assert(h);
1414
1415 if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
1416 return 0;
1417
1418 assert(h->user_name);
1419
1420 if (!h->user_name_and_realm_auto && h->realm) {
1421 h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
1422 if (!h->user_name_and_realm_auto)
1423 return json_log_oom(h->json, json_flags);
1424 }
1425
162392b7 1426 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
71d0b9d4
LP		 1427 if (user_record_disposition(h) != USER_REGULAR)
1428 return 0;
1429
1430 if (!h->home_directory && !h->home_directory_auto) {
1431 h->home_directory_auto = path_join("/home/", h->user_name);
1432 if (!h->home_directory_auto)
1433 return json_log_oom(h->json, json_flags);
1434 }
1435
1436 if (!h->image_path && !h->image_path_auto) {
a43eddbd
LP		 1437 r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
1438 if (r < 0)
1439 return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
71d0b9d4
LP		 1440 }
1441
1442 return 0;
1443}
1444
1445int user_group_record_mangle(
1446 JsonVariant *v,
1447 UserRecordLoadFlags load_flags,
1448 JsonVariant **ret_variant,
1449 UserRecordMask *ret_mask) {
1450
1451 static const struct {
1452 UserRecordMask mask;
1453 const char *name;
1454 } mask_field[] = {
1455 { USER_RECORD_PRIVILEGED, "privileged" },
1456 { USER_RECORD_SECRET, "secret" },
1457 { USER_RECORD_BINDING, "binding" },
1458 { USER_RECORD_PER_MACHINE, "perMachine" },
1459 { USER_RECORD_STATUS, "status" },
1460 { USER_RECORD_SIGNATURE, "signature" },
1461 };
1462
1463 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1464 _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
1465 JsonVariant *array[ELEMENTSOF(mask_field) * 2];
1466 size_t n_retain = 0, i;
1467 UserRecordMask m = 0;
1468 int r;
1469
1470 assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
1471 * UserRecordMask bit masks as UserRecordLoadFlags
1472 * value */
1473
1474 assert(v);
1475 assert(ret_variant);
1476 assert(ret_mask);
1477
1478 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1479 * log message wording here, to cover both cases. */
1480
1481 if (!json_variant_is_object(v))
1482 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");
1483
1484 if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
1485 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");
1486
1487 if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
1488 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");
1489
1490 /* Check if we have the special sections and if they match our flags set */
1491 for (i = 0; i < ELEMENTSOF(mask_field); i++) {
1492 JsonVariant *e, *k;
1493
1494 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
1495 if (!w)
1496 w = json_variant_ref(v);
1497
1498 r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
1499 if (r < 0)
1500 return json_log(w, json_flags, r, "Failed to remove field from variant: %m");
1501
1502 continue;
1503 }
1504
1505 e = json_variant_by_key_full(v, mask_field[i].name, &k);
1506 if (e) {
1507 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
1508 return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);
1509
1510 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1511 array[n_retain++] = k;
1512 array[n_retain++] = e;
1513 }
1514
1515 m |= mask_field[i].mask;
1516 } else {
1517 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
1518 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
1519 }
1520 }
1521
1522 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1523 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1524 * with just the stuff we need. */
1525
1526 w = json_variant_unref(w);
1527 r = json_variant_new_object(&w, array, n_retain);
1528 if (r < 0)
1529 return json_log(v, json_flags, r, "Failed to allocate new object: %m");
1530 } else {
1531 /* And now check if there's anything else in the record */
1532 for (i = 0; i < json_variant_elements(v); i += 2) {
1533 const char *f;
1534 bool special = false;
1535 size_t j;
1536
1537 assert_se(f = json_variant_string(json_variant_by_index(v, i)));
1538
1539 for (j = 0; j < ELEMENTSOF(mask_field); j++)
1540 if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
1541 special = true;
1542 continue;
1543 }
1544
1545 if (!special) {
1546 if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
1547 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);
1548
1549 m |= USER_RECORD_REGULAR;
1550 break;
1551 }
1552 }
1553 }
1554
1555 if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
1556 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");
1557
1558 if (m == 0)
1559 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");
1560
1561 if (w)
1562 *ret_variant = TAKE_PTR(w);
1563 else
1564 *ret_variant = json_variant_ref(v);
1565
1566 *ret_mask = m;
1567 return 0;
1568}
1569
1570int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1571
1572 static const JsonDispatch user_dispatch_table[] = {
5e4fa456
LP		 1573 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1574 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1575 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1576 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1577 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1578 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1579 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1580 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1581 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1582 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1583 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1584 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1585 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1586 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1587 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1588 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1589 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1590 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1591 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1592 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1593 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1594 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1595 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1596 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1597 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1598 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1599 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1600 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1601 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1602 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1603 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1604 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1605 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1606 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1607 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1608 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1609 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1610 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1611 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1612 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1613 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1614 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1615 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1616 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1617 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
5e86c82a 1618 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
5e4fa456
LP		 1619 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1620 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1621 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1622 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1623 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1624 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1625 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1626 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1627 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1628 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1629 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1630 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1631 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1632 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1633 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1634 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1635 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1636 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1637 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1638 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1639 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1640 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
b3a97fd3 1641 { "recoveryKeyType", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, recovery_key_type), 0 },
5e4fa456
LP		 1642
1643 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1644 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
71d0b9d4
LP		 1645
1646 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
5e4fa456
LP		 1647 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1648 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1649 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
71d0b9d4
LP		 1650
1651 /* Ignore 'signature', we check it with explicit accessors instead */
5e4fa456 1652 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
71d0b9d4
LP		 1653 {},
1654 };
1655
1656 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1657 int r;
1658
1659 assert(h);
1660 assert(!h->json);
1661
1662 /* Note that this call will leave a half-initialized record around on failure! */
1663
1664 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1665 if (r < 0)
1666 return r;
1667
1668 r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
1669 if (r < 0)
1670 return r;
1671
1672 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1673 * since we want them to override the global options. Let's process them now. */
1674
1675 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1676 if (r < 0)
1677 return r;
1678
1679 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1680 if (r < 0)
1681 return r;
1682
1683 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1684 if (r < 0)
1685 return r;
1686
1687 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1688 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1689
1690 r = user_record_augment(h, json_flags);
1691 if (r < 0)
1692 return r;
1693
1694 return 0;
1695}
1696
1697int user_record_build(UserRecord **ret, ...) {
1698 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1699 _cleanup_(user_record_unrefp) UserRecord *u = NULL;
1700 va_list ap;
1701 int r;
1702
1703 assert(ret);
1704
1705 va_start(ap, ret);
1706 r = json_buildv(&v, ap);
1707 va_end(ap);
1708
1709 if (r < 0)
1710 return r;
1711
1712 u = user_record_new();
1713 if (!u)
1714 return -ENOMEM;
1715
1716 r = user_record_load(u, v, USER_RECORD_LOAD_FULL);
1717 if (r < 0)
1718 return r;
1719
1720 *ret = TAKE_PTR(u);
1721 return 0;
1722}
1723
1724const char *user_record_user_name_and_realm(UserRecord *h) {
1725 assert(h);
1726
1727 /* Return the pre-initialized joined string if it is defined */
1728 if (h->user_name_and_realm_auto)
1729 return h->user_name_and_realm_auto;
1730
1731 /* If it's not defined then we cannot have a realm */
1732 assert(!h->realm);
1733 return h->user_name;
1734}
1735
1736UserStorage user_record_storage(UserRecord *h) {
1737 assert(h);
1738
1739 if (h->storage >= 0)
1740 return h->storage;
1741
1742 return USER_CLASSIC;
1743}
1744
1745const char *user_record_file_system_type(UserRecord *h) {
1746 assert(h);
1747
caf6bd16 1748 return h->file_system_type ?: "btrfs";
71d0b9d4
LP		 1749}
1750
1751const char *user_record_skeleton_directory(UserRecord *h) {
1752 assert(h);
1753
1754 return h->skeleton_directory ?: "/etc/skel";
1755}
1756
1757mode_t user_record_access_mode(UserRecord *h) {
1758 assert(h);
1759
1760 return h->access_mode != (mode_t) -1 ? h->access_mode : 0700;
1761}
1762
1763const char* user_record_home_directory(UserRecord *h) {
1764 assert(h);
1765
1766 if (h->home_directory)
1767 return h->home_directory;
1768 if (h->home_directory_auto)
1769 return h->home_directory_auto;
1770
1771 /* The root user is special, hence be special about it */
1772 if (streq_ptr(h->user_name, "root"))
1773 return "/root";
1774
1775 return "/";
1776}
1777
1778const char *user_record_image_path(UserRecord *h) {
1779 assert(h);
1780
1781 if (h->image_path)
1782 return h->image_path;
1783 if (h->image_path_auto)
1784 return h->image_path_auto;
1785
1786 return IN_SET(user_record_storage(h), USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT) ? user_record_home_directory(h) : NULL;
1787}
1788
1789const char *user_record_cifs_user_name(UserRecord *h) {
1790 assert(h);
1791
1792 return h->cifs_user_name ?: h->user_name;
1793}
1794
1795unsigned long user_record_mount_flags(UserRecord *h) {
1796 assert(h);
1797
1798 return (h->nosuid ? MS_NOSUID : 0) |
1799 (h->noexec ? MS_NOEXEC : 0) |
1800 (h->nodev ? MS_NODEV : 0);
1801}
1802
1803const char *user_record_shell(UserRecord *h) {
1804 assert(h);
1805
1806 if (h->shell)
1807 return h->shell;
1808
1809 if (streq_ptr(h->user_name, "root"))
1810 return "/bin/sh";
1811
1812 if (user_record_disposition(h) == USER_REGULAR)
1813 return "/bin/bash";
1814
1815 return NOLOGIN;
1816}
1817
1818const char *user_record_real_name(UserRecord *h) {
1819 assert(h);
1820
1821 return h->real_name ?: h->user_name;
1822}
1823
1824bool user_record_luks_discard(UserRecord *h) {
1825 const char *ip;
1826
1827 assert(h);
1828
1829 if (h->luks_discard >= 0)
1830 return h->luks_discard;
1831
1832 ip = user_record_image_path(h);
1833 if (!ip)
1834 return false;
1835
1836 /* Use discard by default if we are referring to a real block device, but not when operating on a
1837 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1838 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1839 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1840 * on should the disk space to back our file systems not be available. */
1841
1842 return path_startswith(ip, "/dev/");
1843}
1844
5e86c82a
LP		 1845bool user_record_luks_offline_discard(UserRecord *h) {
1846 const char *ip;
1847
1848 assert(h);
1849
1850 if (h->luks_offline_discard >= 0)
1851 return h->luks_offline_discard;
1852
1853 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1854 * physical media, where we should just bind it to the online discard mode. */
1855
1856 ip = user_record_image_path(h);
1857 if (!ip)
1858 return false;
1859
1860 if (path_startswith(ip, "/dev/"))
1861 return user_record_luks_discard(h);
1862
1863 return true;
1864}
1865
71d0b9d4
LP		 1866const char *user_record_luks_cipher(UserRecord *h) {
1867 assert(h);
1868
1869 return h->luks_cipher ?: "aes";
1870}
1871
1872const char *user_record_luks_cipher_mode(UserRecord *h) {
1873 assert(h);
1874
1875 return h->luks_cipher_mode ?: "xts-plain64";
1876}
1877
1878uint64_t user_record_luks_volume_key_size(UserRecord *h) {
1879 assert(h);
1880
1881 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1882
1883 if (h->luks_volume_key_size == UINT64_MAX)
1884 return 256 / 8;
1885
1886 return MIN(h->luks_volume_key_size, SIZE_MAX);
1887}
1888
1889const char* user_record_luks_pbkdf_type(UserRecord *h) {
1890 assert(h);
1891
1892 return h->luks_pbkdf_type ?: "argon2i";
1893}
1894
1895uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
1896 assert(h);
1897
1898 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1899
1900 if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
1901 return 500 * USEC_PER_MSEC; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1902
1903 return MIN(DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC), UINT32_MAX) * USEC_PER_MSEC;
1904}
1905
1906uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
1907 assert(h);
1908
1909 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1910
1911 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1912 return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1913
1914 return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024;
1915}
1916
1917uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
1918 assert(h);
1919
1920 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1921 return 1; /* We default to 1, since this should work on smaller systems too */
1922
1923 return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
1924}
1925
1926const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
1927 assert(h);
1928
1929 return h->luks_pbkdf_hash_algorithm ?: "sha512";
1930}
1931
1932gid_t user_record_gid(UserRecord *h) {
1933 assert(h);
1934
1935 if (gid_is_valid(h->gid))
1936 return h->gid;
1937
1938 return (gid_t) h->uid;
1939}
1940
1941UserDisposition user_record_disposition(UserRecord *h) {
1942 assert(h);
1943
1944 if (h->disposition >= 0)
1945 return h->disposition;
1946
1947 /* If not declared, derive from UID */
1948
1949 if (!uid_is_valid(h->uid))
1950 return _USER_DISPOSITION_INVALID;
1951
1952 if (h->uid == 0 || h->uid == UID_NOBODY)
1953 return USER_INTRINSIC;
1954
1955 if (uid_is_system(h->uid))
1956 return USER_SYSTEM;
1957
1958 if (uid_is_dynamic(h->uid))
1959 return USER_DYNAMIC;
1960
1961 if (uid_is_container(h->uid))
1962 return USER_CONTAINER;
1963
1964 if (h->uid > INT32_MAX)
1965 return USER_RESERVED;
1966
1967 return USER_REGULAR;
1968}
1969
1970int user_record_removable(UserRecord *h) {
1971 UserStorage storage;
1972 assert(h);
1973
1974 if (h->removable >= 0)
1975 return h->removable;
1976
1977 /* Refuse to decide for classic records */
1978 storage = user_record_storage(h);
1979 if (h->storage < 0 || h->storage == USER_CLASSIC)
1980 return -1;
1981
1982 /* For now consider only LUKS home directories with a reference by path as removable */
1983 return storage == USER_LUKS && path_startswith(user_record_image_path(h), "/dev/");
1984}
1985
1986uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
1987 assert(h);
1988
1989 if (h->ratelimit_interval_usec == UINT64_MAX)
1990 return DEFAULT_RATELIMIT_INTERVAL_USEC;
1991
1992 return h->ratelimit_interval_usec;
1993}
1994
1995uint64_t user_record_ratelimit_burst(UserRecord *h) {
1996 assert(h);
1997
1998 if (h->ratelimit_burst == UINT64_MAX)
1999 return DEFAULT_RATELIMIT_BURST;
2000
2001 return h->ratelimit_burst;
2002}
2003
2004bool user_record_can_authenticate(UserRecord *h) {
2005 assert(h);
2006
2007 /* Returns true if there's some form of property configured that the user can authenticate against */
2008
2009 if (h->n_pkcs11_encrypted_key > 0)
2010 return true;
2011
5e4fa456
LP		 2012 if (h->n_fido2_hmac_salt > 0)
2013 return true;
2014
71d0b9d4
LP		 2015 return !strv_isempty(h->hashed_password);
2016}
2017
2018uint64_t user_record_ratelimit_next_try(UserRecord *h) {
2019 assert(h);
2020
2021 /* Calculates when the it's possible to login next. Returns:
2022 *
2023 * UINT64_MAX → Nothing known
2024 * 0 → Right away
2025 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
2026 */
2027
2028 if (h->ratelimit_begin_usec == UINT64_MAX ||
2029 h->ratelimit_count == UINT64_MAX)
2030 return UINT64_MAX;
2031
61a29a02
LP		 2032 if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then
2033 * the local clock is probably incorrect. Let's
2034 * not refuse login then. */
2035 return UINT64_MAX;
2036
71d0b9d4
LP		 2037 if (h->ratelimit_count < user_record_ratelimit_burst(h))
2038 return 0;
2039
2040 return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
2041}
2042
2043bool user_record_equal(UserRecord *a, UserRecord *b) {
2044 assert(a);
2045 assert(b);
2046
2047 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
2048 * sufficient to compare the JSON data. */
2049
2050 return json_variant_equal(a->json, b->json);
2051}
2052
2053bool user_record_compatible(UserRecord *a, UserRecord *b) {
2054 assert(a);
2055 assert(b);
2056
d51c4fca 2057 /* If either lacks the regular section, we can't really decide, let's hence say they are
71d0b9d4
LP		 2058 * incompatible. */
2059 if (!(a->mask & b->mask & USER_RECORD_REGULAR))
2060 return false;
2061
2062 return streq_ptr(a->user_name, b->user_name) &&
2063 streq_ptr(a->realm, b->realm);
2064}
2065
2066int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
2067 assert(a);
2068 assert(b);
2069
2070 if (a->last_change_usec == b->last_change_usec)
2071 return 0;
2072
2073 /* Always consider a record with a timestamp newer than one without */
2074 if (a->last_change_usec == UINT64_MAX)
2075 return -1;
2076 if (b->last_change_usec == UINT64_MAX)
2077 return 1;
2078
2079 return CMP(a->last_change_usec, b->last_change_usec);
2080}
2081
2082int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
2083 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
2084 int r;
2085
2086 assert(h);
2087 assert(ret);
2088
2089 c = user_record_new();
2090 if (!c)
2091 return -ENOMEM;
2092
2093 r = user_record_load(c, h->json, flags);
2094 if (r < 0)
2095 return r;
2096
2097 *ret = TAKE_PTR(c);
2098 return 0;
2099}
2100
2101int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
2102 _cleanup_(user_record_unrefp) UserRecord *x = NULL, *y = NULL;
2103 int r;
2104
2105 assert(a);
2106 assert(b);
2107
2108 /* Compares the two records, but ignores anything not listed in the specified mask */
2109
2110 if ((a->mask & ~mask) != 0) {
2111 r = user_record_clone(a, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), &x);
2112 if (r < 0)
2113 return r;
2114
2115 a = x;
2116 }
2117
2118 if ((b->mask & ~mask) != 0) {
2119 r = user_record_clone(b, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), &y);
2120 if (r < 0)
2121 return r;
2122
2123 b = y;
2124 }
2125
2126 return user_record_equal(a, b);
2127}
2128
2129int user_record_test_blocked(UserRecord *h) {
2130 usec_t n;
2131
2132 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
2133 *
2134 * -ESTALE: Record is from the future
2135 * -ENOLCK: Record is blocked
2136 * -EL2HLT: Record is not valid yet
2137 * -EL3HLT: Record is not valid anymore
2138 *
2139 */
2140
2141 assert(h);
2142
71d0b9d4
LP		 2143 if (h->locked > 0)
2144 return -ENOLCK;
2145
51a95db6
LP		 2146 n = now(CLOCK_REALTIME);
2147
71d0b9d4
LP		 2148 if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec)
2149 return -EL2HLT;
2150 if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec)
2151 return -EL3HLT;
2152
51a95db6
LP		 2153 if (h->last_change_usec != UINT64_MAX &&
2154 h->last_change_usec > n) /* Complain during log-ins when the record is from the future */
2155 return -ESTALE;
2156
71d0b9d4
LP		 2157 return 0;
2158}
2159
2160int user_record_test_password_change_required(UserRecord *h) {
2161 bool change_permitted;
2162 usec_t n;
2163
2164 assert(h);
2165
2166 /* Checks whether the user must change the password when logging in
2167
2168 -EKEYREVOKED: Change password now because admin said so
2169 -EOWNERDEAD: Change password now because it expired
2170 -EKEYREJECTED: Password is expired, no changing is allowed
2171 -EKEYEXPIRED: Password is about to expire, warn user
2172 -ENETDOWN: Record has expiration info but no password change timestamp
2173 -EROFS: No password change required nor permitted
3e0b5486 2174 -ESTALE: RTC likely incorrect, last password change is in the future
71d0b9d4
LP		 2175 0: No password change required, but permitted
2176 */
2177
162392b7 2178 /* If a password change request has been set explicitly, it overrides everything */
71d0b9d4
LP		 2179 if (h->password_change_now > 0)
2180 return -EKEYREVOKED;
2181
2182 n = now(CLOCK_REALTIME);
2183
3e0b5486
LP		 2184 /* Password change in the future? Then our RTC is likely incorrect */
2185 if (h->last_password_change_usec != UINT64_MAX &&
2186 h->last_password_change_usec > n &&
2187 (h->password_change_min_usec != UINT64_MAX ||
2188 h->password_change_max_usec != UINT64_MAX ||
2189 h->password_change_inactive_usec != UINT64_MAX))
2190 return -ESTALE;
2191
71d0b9d4
LP		 2192 /* Then, let's check if password changing is currently allowed at all */
2193 if (h->password_change_min_usec != UINT64_MAX) {
2194
2195 /* Expiry configured but no password change timestamp known? */
2196 if (h->last_password_change_usec == UINT64_MAX)
2197 return -ENETDOWN;
2198
2199 if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
2200 change_permitted = false;
2201 else
2202 change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;
2203
2204 } else
2205 change_permitted = true;
2206
2207 /* Let's check whether the password has expired. */
2208 if (!(h->password_change_max_usec == UINT64_MAX ||
2209 h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {
2210
2211 uint64_t change_before;
2212
2213 /* Expiry configured but no password change timestamp known? */
2214 if (h->last_password_change_usec == UINT64_MAX)
2215 return -ENETDOWN;
2216
2217 /* Password is in inactive phase? */
2218 if (h->password_change_inactive_usec != UINT64_MAX &&
2219 h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
2220 usec_t added;
2221
2222 added = h->password_change_inactive_usec + h->password_change_max_usec;
2223 if (added < UINT64_MAX - h->last_password_change_usec &&
2224 n >= h->last_password_change_usec + added)
2225 return -EKEYREJECTED;
2226 }
2227
2228 /* Password needs to be changed now? */
2229 change_before = h->last_password_change_usec + h->password_change_max_usec;
2230 if (n >= change_before)
2231 return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;
2232
2233 /* Warn user? */
2234 if (h->password_change_warn_usec != UINT64_MAX &&
2235 (change_before < h->password_change_warn_usec ||
2236 n >= change_before - h->password_change_warn_usec))
2237 return change_permitted ? -EKEYEXPIRED : -EROFS;
2238 }
2239
2240 /* No password changing necessary */
2241 return change_permitted ? 0 : -EROFS;
2242}
2243
2244static const char* const user_storage_table[_USER_STORAGE_MAX] = {
2245 [USER_CLASSIC] = "classic",
2246 [USER_LUKS] = "luks",
2247 [USER_DIRECTORY] = "directory",
2248 [USER_SUBVOLUME] = "subvolume",
2249 [USER_FSCRYPT] = "fscrypt",
2250 [USER_CIFS] = "cifs",
2251};
2252
2253DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2254
2255static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
2256 [USER_INTRINSIC] = "intrinsic",
2257 [USER_SYSTEM] = "system",
2258 [USER_DYNAMIC] = "dynamic",
2259 [USER_REGULAR] = "regular",
2260 [USER_CONTAINER] = "container",
2261 [USER_RESERVED] = "reserved",
2262};
2263
2264DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);
Unnamed repository; edit this file 'description' to name the repository.